This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

End-to-end encryption issue...

  • 2 replies
  • 1 has this problem
  • 1 view
  • Last reply by christ1

ian102
ian102
more options

I have updated two e-mail clients to V.78. Both under OS-X.

On the first I created a PGP certificate for one e-mail account and saved that. E-mails show the certificate attached with Open PGP. That worked just great.

On a mobile device I can see that certificate signed using Open PGP for encryption (obviously requiring PK exchange before encryption can take place).

On the other mac, previously equipped with several CACert Identity verification certificates for a number of accounts, I have installed the certificate exported from the first machine on its mirror account - that verifies ok - this is not a certificate import/export problem. BUT the account will not send using PGP. It defaults to S/MIME and then complains that the CACert ID certificate is non-existent or expired - in fact it was expired and was deleted months ago and so is now non-existent.

Note that on this second machine there are 5 or 6 accounts, three of which have CACert ID certificates but the account which I was working on with the PGP certificate is no longer covered by a CACert ID certificate although it was previously so covered.

Is there a way to force Thurderbird to just stick with the PGP encryption certificate and to not try to find a non-existent CACert ID certificate for this account (or at all)?

Best regards,

Ian Beeby

I have updated two e-mail clients to V.78. Both under OS-X. On the first I created a PGP certificate for one e-mail account and saved that. E-mails show the certificate attached with Open PGP. That worked just great. On a mobile device I can see that certificate signed using Open PGP for encryption (obviously requiring PK exchange before encryption can take place). On the other mac, previously equipped with several CACert Identity verification certificates for a number of accounts, I have installed the certificate exported from the first machine on its mirror account - that verifies ok - this is not a certificate import/export problem. BUT the account will not send using PGP. It defaults to S/MIME and then complains that the CACert ID certificate is non-existent or expired - in fact it was expired and was deleted months ago and so is now non-existent. Note that on this second machine there are 5 or 6 accounts, three of which have CACert ID certificates but the account which I was working on with the PGP certificate is no longer covered by a CACert ID certificate although it was previously so covered. Is there a way to force Thurderbird to just stick with the PGP encryption certificate and to not try to find a non-existent CACert ID certificate for this account (or at all)? Best regards, Ian Beeby

Chosen solution

RESOLVED - The issue was that there was a residual record that I had a key for that account:

Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates

Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.

Ian

Read this answer in context 👍 0

All Replies (2)

ian102
ian102 Question owner
more options

Chosen Solution

RESOLVED - The issue was that there was a residual record that I had a key for that account:

Tools-> Account Settings -> End-to-end Encryption -> Manage S/MIME Certificates

Then find the name/e-mail address and delete the certificate authority for that account. The e-mail address you are looking for is the one which you now seek to protect with the PGP certificate.

Ian

christ1
christ1
  • Top 25 Contributor
more options
On the other mac ... I have installed the certificate exported from the first machine on its mirror account

When exporting the key on the first machine, did you include the private key?

BUT the account will not send using PGP. It defaults to S/MIME

In a Write window, from the Security drop-down menu in the Composition Toolbar you can select which Encryption Technology to use - OpenPGP or S/MIME.

You can also select which one shall be preferred, if both, OpenPGP, and S/MIME is set up for the account. That's underneath End-To-End Encryption in the Account Settings for the particular account.